Go to homepage

Data protection notice for customers, interested parties, business partners and suppliers

A. General information

I. Responsible party

With this data protection notice,

TechniSat Digital GmbH
Julius-Saxler-Straße 3
54550 Daun
Telefon: 0049 (0)6592 / 712 -0
E-Mail: datenschutz@technisat.de

(hereinafter also referred to as ‘TechniSat Digital’) fulfils its existing legal obligation to provide information in accordance with Articles 13 and 14 of the General Data Protection Regulation (‘GDPR’) with regard to the processing of personal data of customers, interested parties, business partners and suppliers. In the following, we therefore explain which personal data we process from you and in what way.

II. Personal Data

Personal data within the meaning of Art. 4 No. 1 GDPR includes, for example, information such as your name, address, telephone number, email address, bank details or date of birth.

III. Processing of personal data

The processing of personal data in accordance with Art. 4 No. 2 GDPR refers to any operation or set of operations which is performed on personal data, whether or not by automated means.

We process personal data within the meaning of Art. 4 No. 2 GDPR in accordance with the specifications and requirements set out below within the framework of automated processing based on a relevant legal basis.

The relevant legal bases for our data processing are set out below.

Automated decision-making in individual cases, including profiling in accordance with Art. 22 GDPR, does not take place. Insofar as credit scores from credit agencies are used, they do not play a decisive role in decision-making; rather, our employees make an independent decision, taking the credit score into account, as to whether or not to conclude a contract, which is documented.

In the event of changes in purpose, the relevant provisions of Art. 6 (4) GDPR are strictly observed.

The scope of the processing of your personal data is limited by the respective purposes described above.

B. General processing operations

I. Purpose of processing personal data of customers, interested parties, business partners and suppliers

We process your data, which we collect from you or which you provide to us, in particular to establish a contractual relationship with you and to be able to fulfil the existing contractual relationship with you, Art. 6 (1) (b) GDPR.

The foregoing also includes the implementation of pre-contractual measures at your request.

Personal data collected by us directly from you upon conclusion of the contract is necessary for the conclusion of the respective contract.

In order to be able to prepare an offer for you as a prospective customer and to be able to execute the respective contract with you as a customer, you are contractually obliged to provide the necessary data. Failure to provide the necessary personal data may result in the contract not being fulfilled.

In this context, we process in particular relevant contact data, financial data, in particular payment data, as well as data in connection with the respective contract concluded, insofar as this is necessary to achieve the respective purpose. When you order a product and/or service, we also process your contact details for communication purposes and to provide the products and services you have ordered.

If you are not a natural person, we process the personal data of your contact person.

In addition, we process your data in order to submit or evaluate appropriate offers to you, to manage an order or to provide support services.

The same applies if we purchase products or services from you as a business partner or supplier.

With regard to the fulfilment of legal obligations, Art. 6 (1) (c) GDPR is the corresponding legal basis. We process your personal data depending on the respective legal obligation, e.g. with regard to the provisions of the Money Laundering Act.

In addition, Art. 6 (1) (f) GDPR, ‘legitimate interest’, is our basis for authorisation if we have a legal, economic or non-material interest in data processing and this does not outweigh the rights, interests or fundamental rights of the data subjects that are worthy of protection.

Art. 6(1)(c) GDPR, ‘legal obligation’, and Art. 6(1)(f) GDPR, ‘legitimate interest’, with regard to data processing unaffected. Your declaration of consent is voluntary. Not giving your consent will not result in any disadvantages for you. You can revoke your consent at any time by sending us an email or letter. Revoking your consent does not affect the lawfulness of the processing that took place prior to revocation.

II. Use of the TechniSat Online Shop

If you wish to place an order in our online shop at www.technisat.de, please refer to technisat.de/en/privacy-policy for further information on data processing.

III. MyTechniSat-Account

If you register for a MyTechniSat account on our TechniSat website, we will process the data you provide. Your email address is mandatory and will be used exclusively for the purpose of operating the app and for personal access. You can provide further personal data on a voluntary basis if you wish, e.g. name, address, country, telephone, mobile, fax, date of birth. We store your personal data in order to answer your questions.

The legal basis is Art. 6 (1) (b) GDPR, ‘performance of a contract’.

IV. Account on the specialist dealer portal

You must register in order to access our specialist trade portal and our specialist trade online shop. Mandatory fields are marked accordingly, in particular customer number, company name, company address, your email address and telephone number. We process this data in order to fulfil the contractual relationship with you, in particular based on the distribution agreement. For further information on data processing, please refer to fachhandel.technisat.de/Datenschutz/.

The legal basis is Art. 6 (1) (b) GDPR, ‘performance of a contract’, or alternatively Art. 6 (1) (f) GDPR, ‘legitimate interest’.

V. Processing of personal data through the use of AI systems

We process personal data in the context of the implementation and use of AI systems. The legal basis for data protection in this case is Art. 6 (1) (f) GDPR, ‘legitimate interest’. According to this, data processing is lawful if the processing of personal data is necessary to safeguard our legitimate interests, unless the interests or fundamental rights of the data subject prevail.

We can rely on a legitimate interest in the form of a legal and economic interest in data processing, in particular with regard to increasing efficiency and automating operational processes, optimising business processes, maintaining competitiveness through the use of modern technologies, and optimising products and services.

Even weighing up the interests or fundamental rights of the data subject does not lead to an exclusion of data processing: the intensity of the intervention is not considered to be high in this case. Furthermore, no profiling takes place. In particular, there are no apparent risks to the rights and freedoms of the data subjects. No special categories of personal data pursuant to Art. 9 GDPR or data relating to children are processed. Furthermore, in the specific situation, the data subjects expect their personal data to be processed due to the fulfilment of the transparency obligation with this data protection notice. Negative effects of data processing are therefore not apparent.

Processors used are contractually bound by the relevant provisions of Art. 28 GDPR and will only process data in accordance with the legal requirements, our instructions and only within the scope of fulfilling the order.

C. Contacting us

I. General information

When you contact us by e-mail, chat/chatbot, telephone or via a contact form on our website, we will process the data you provide. Mandatory information is only required in the respective contact option and, depending on the subject area, e.g. purchasing advice, technical problems, questions about product registration and warranty/questions about data protection/becoming a TechniSat dealer or repair order/RMA, in the mandatory fields displayed. This information is necessary so that we can respond to your enquiry accordingly. You can provide further personal data on a voluntary basis if you wish, e.g. if you would like us to send you information material by post, we will need your address. We store your personal data in order to answer your questions. We delete the data collected in this context once it is no longer necessary to store it, or restrict its processing if there are legal retention obligations.

The legal basis is Art. 6 (1) (a) GDPR, ‘Consent’, or alternatively Art. 6 (1) (f) GDPR, ‘Legitimate interest’.

II. Additional information for communication via Microsoft Teams

We use Microsoft Teams to hold online meetings.

We hereby inform you about the processing of your personal data in the context of our online meetings using the Microsoft Teams video conferencing solution.

If you do not wish to communicate with us via Microsoft Teams, you can contact us via any of our other communication channels. Alternatively, you can invite us to an online meeting using your own meeting tool.

If you are unable or unwilling to use the Microsoft Teams app, it is possible to use Microsoft Teams via your browser. In this case, the service is provided via the Microsoft Teams website.

We process the following personal data as part of our online meetings using Microsoft Teams:

  • Communication data, e.g. your email address, if you provide this personal information
  • Audio and video data to enable the playback of videos and audio; the data from your device's video camera and microphone is processed for the duration of the meeting
  • Log files, log data
  • Metadata, e.g. IP address, time of participation, meeting ID, telephone numbers, etc.
  • Profile data, e.g. your user name, if you provide this yourself

However, the scope of data processing also depends on the information you provide before or during participation in an online meeting. For example, a profile picture is optional. You may also have the option of using the chat function in an online meeting. If you make use of this, your text entries will be processed in order to display them in the online meeting. If it is necessary for the purposes of recording the results of an online meeting, we will log the chat content.

You can switch off or mute the camera and/or microphone yourself at any time via the Microsoft Teams application. You can also stop using the chat function at any time.

The legal basis for this is Art. 6 (1) (f) GDPR, ‘legitimate interest’.

As a rule, meetings are not recorded. Recording may only take place in exceptional cases if the participants have been expressly and transparently informed of the planned recording in advance and have given their consent to the extent necessary, and have received supplementary data protection information, to the extent required by law, including the specific purpose of the recording and the recipients to whom the recording is to be made available. The legal basis, if necessary, is the consent of the data subject, Art. 6 (1) sentence 1 lit. a GDPR. You can revoke your consent at any time. The revocation of consent does not affect the permissibility of the processing carried out until the revocation.

Personal data processed in connection with participation in online meetings will not be passed on to third parties.

Microsoft Teams is part of the Office 365 cloud application. Microsoft Office 365 is software from Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland.

Data processing with Office 365 takes place on servers in data centres in the EU. We have concluded a data processing agreement with Microsoft in accordance with Art. 28 GDPR. This agreement also includes extensive technical and organisational measures, such as data encryption.

In exceptional cases, Microsoft may request access for the purpose of remote maintenance. This access is then reviewed by us and granted upon approval. Access may be granted to Microsoft affiliates outside the EU. We have taken measures to ensure an adequate level of data protection in this case.

We cannot rule out the possibility that data may be routed via servers located outside the EU.

Data is transferred to companies in the USA on the basis of an adequacy decision by the European Commission within the meaning of Art. 45 (3) GDPR, which stipulates that an adequate level of protection exists in the USA.

Microsoft reserves the right to process customer data for its own business purposes. We have no influence on this data processing by Microsoft. Microsoft is solely responsible for these data processing activities, so you can contact Microsoft for further information.

Further information: privacy.microsoft.com/en-gb/privacystatement and docs.microsoft.com/en-gb/microsoftteams/teams-privacy

D. Products

I. Internet radio

Station selection: To search for and select Internet radio stations, the device processes your IP address, the web address of the radio station and the hardware and software ID of your device. This information is transmitted to the Internet radio database operator, airable GmbH. Further information and relevant data protection information can be found here: airable GmbH, Am Treppchen 2, 41334 Nettetal, see www.airablenow.com/datenschutz/.

The legal basis is Art. 6 (1) (b) GDPR, ‘Performance of a contract’.

Radio reception: In order to receive an internet radio station, your IP address and the web address of the radio station are processed and transmitted to the respective radio station.

The legal basis is Art. 6 (1) (b) GDPR, ‘performance of a contract’.

Software updates: The software for your device is provided by airable GmbH. In order to keep it up to date, your IP address, hardware and software ID, and information about the model and software version of the device are transmitted to them. Further information and the corresponding data protection notice can be found here: airable GmbH, Am Treppchen 2, 41334 Nettetal, see www.airablenow.com/datenschutz/.

The legal basis for this is Art. 6 (1) (f) GDPR, ‘legitimate interest’.

Network connection: In order to connect the device to your home network, the name and password of your Wi-Fi network are stored in the device. The data is deleted as soon as you disconnect.

The legal basis for this is Art. 6 (1) (f) GDPR, ‘legitimate interest’.

Third-party services: Services from third-party providers, such as the management of favourites lists or connection to streaming services, can be obtained under the respective terms of use, whereby the respective provider is responsible for data protection in accordance with Art. 4 No. 7 GDPR. Further information can be found in the respective data protection notices of the providers.

II. ISIO receiver & ISIO smart TV

ISIO Internet list update: In order to provide your device with the current ISIO Internet list, we process the public IP address of the router, DeviceID (device-specific identifier) and the internal serial number (once per month). The internal serial number and DeviceID are stored without any link to other data for statistical purposes (e.g. how many devices of a certain type download the ISIO Internet list each month) and deleted at the end of the month, i.e. after five weeks at the latest.

The legal basis is Art. 6(1) (b) GDPR, ‘performance of a contract’, alternatively Art. 6 (1) (f) GDPR, ‘legitimate interest’.

Connection to the Internet: In order to use the numerous Internet-based additional services of your TechniSat device, you must connect to the Internet. Only then will the Internet-based additional services be activated and the device exchange data with the respective service providers via the Internet. If you refuse to connect your TechniSat device to the Internet, your device can only be used offline, i.e. to receive television signals with the respective integrated device-specific functions (e.g. recording function).

To check the network connection quality, you also have the option of performing an Internet speed test with your device. In doing so, we process the public IP address of the router and your country setting.

The legal basis is Art. 6 (1) (b) GDPR, ‘performance of a contract’, alternatively Art. 6 (1) (f) GDPR, ‘legitimate interest’.

TECHNIMATIC device software update: In order to provide the device software, we process the public IP address of the router, DeviceID (device-specific identifier), country setting and the internal serial number (once per month). The internal serial number and DeviceID are stored without any link to other data for statistical purposes (e.g. how many devices of a certain type download the device software per month) and deleted at the end of the month, i.e. after five weeks at the latest.

The legal basis for this is Art. 6 (1) (f) GDPR, ‘legitimate interest’.

TechniSat CONNECT: For the purpose of using the digital programme guide (SFI) and timer programming with the TechniSat CONNECT app, we process your MyTechniSat email address and password, the public IP address of your internet router, the network device name in your home network, the data from the digital TV guide, and the programmed and scheduled recording times of the digital video recorder. This information is stored for 30 days.

Further information can be found in the data protection notice of the TechniSat CONNECT app.

The legal basis is Art. 6 (1) (b) GDPR, ‘performance of a contract’.

Identification of the device: For the purpose of using the Internet functionality and statistical evaluation, we process the MAC address and IP address to identify the device. This information is not merged with the buyer's personal data. This information is transmitted to servers in the EU and stored for 15 days (MAC address) or 30 days (IP address).

The legal basis for this is Art. 6 (1) (f) GDPR, ‘legitimate interest’.

SIEHFERN INFO (SFI) information service: For the purpose of using the digital TV magazine ‘SFI’, we process the public IP address of the router, DeviceID (device-specific identifier) and the internal serial number (once per month). This information is transmitted to our server in Germany. The IP address is stored for a maximum of three days for load balancing between the individual servers. The serial number is stored for statistical purposes and deleted after five weeks.

The legal basis is Art. 6 (1) (b) GDPR, ‘performance of a contract’, alternatively Art. 6 (1) (f) GDPR, ‘legitimate interest’.

Web browsers: For the purpose of connecting to websites, users can access any websites operated by website operators. TechniSat is not responsible for data security or the content of websites. The website operator is responsible for data protection within the meaning of Art. 4 No. 7 GDPR. TechniSat refers to the data protection information provided by the website operators.

Cookies: Cookies set by website operators are not within TechniSat’s responsibility. The controller within the meaning of Article 4 (7) GDPR is the operator of the respective website. TechniSat refers to the privacy notices of the website operators. We do not set or access cookies ourselves.

HbbTV: For the purpose of enabling the use of additional programme information, teletext services and media libraries, the respective HbbTV provider (television broadcaster) acts as controller and independently processes the browser name, browser version, manufacturer’s name and software version. TechniSat refers to the privacy notices of the respective HbbTV provider (television broadcaster).

ISIPRO – Automatic channel list update: In order to provide your device with the current satellite reception data, we process the public IP address of the router, the DeviceID (device-specific identifier) and the internal serial number (the latter only once per month). The internal serial number and DeviceID are stored, without any link to other data, for statistical purposes (e.g. how many devices of a certain type download ISIPRO per month) and are deleted at the end of the month, i.e. no later than after five weeks.

The legal basis is Article 6 (1) (b) GDPR (“performance of a contract”), or alternatively Article 6 (1) (f) GDPR (“legitimate interests”).

III. Smart TV with Vestel, TIVU, VIDAA operating system

1. Vestel and TiVo operating system

The data controller within the meaning of Art. 4 No. 7 GDPR is the company: Vestel Elektronik Sanayi ve Ticaret A.S., Levent 199 Buyukdere Cad. No 199 Sisli, Istanbul, 34394.

Name and contact details of the representative pursuant to Art. 27 GDPR: Vestel Holland B.V. Germany Branch Office, Parkring 6, 85748 Garching bei München, email: info@vestel-germany.de

Further information on data processing can be found in the privacy policy, which is available at www.vestel.com/de/content/verarbeitung-personlicher-daten.

2. VIDAA operating system

The data controller within the meaning of Art. 4 No. 7 GDPR is the company: VIDAA USA Inc., 10775 Bell Road, Duluth, Georgia 30097, United States.

Name and contact details of the representative pursuant to Art. 27 GDPR: VERDATA Datenschutz GmbH & Co. KG, Römerstraße 12, 40476 Düsseldorf, email: vidaa.representative@verdata.eu.

Further information on data processing can be found in the data protection notice available at www.vidaa.com/privacy-policy/.

IV. TechniSmart

Connection to the home network and the Internet: For the purpose of authentication, controlling the app and distinguishing between different users (if several are created), it is necessary to integrate the central unit into your home network and connect it to the Internet. The following user data about you will be processed: user name, email address or telephone number, password, time of registration and user profile. In addition, the following data about your system will also be processed: device name, password, version, device ID and configuration of the central unit, information about the connected components (status of door magnet, motion detector, remote control, siren), status information (active/inactive status, online status, history with times of last activations, battery status, language, approximate location for the time zone) and the IP address of the central unit and your end device.

Further information can be found in the TechniSmart app's privacy policy.

The legal basis is Art. 6 (1) (b) GDPR, ‘performance of a contract’, alternatively Art. 6 (1) (f) GDPR, ‘legitimate interest’.

Storage of data on your end device: You have the option of voluntarily activating the auto-login option to speed up the login process. In this case, the app stores your user name locally and your associated password and Wi-Fi password in encrypted form as long as this option is active. Your data will not be passed on.

Further information can be found in the TechniSmart app's privacy policy.

The legal basis for this is your voluntary consent, Art. 6 para. 1 sentence 1 lit. a GDPR. Not giving your consent does not have any disadvantages for you, but you will not be able to use our function. You can revoke your consent at any time by deactivating the option shown. The withdrawal of consent does not affect the lawfulness of the processing of your data prior to withdrawal.

V. TechniSat IP cameras

Camera recordings: image and sound.

The legal basis is Art. 6(1) (b) GDPR, ‘performance of a contract’.

Connection to the home network and the internet via TechniSmart: see D., IV.

The legal basis is Art. 6(1)(b) GDPR, ‘performance of a contract’, alternatively Art. 6(1)(f) GDPR, ‘legitimate interest’.

Use with SmartHome central unit via our TechniSat Connect app: Our IP cameras can be used with our SmartHome central unit, see D., IV.

Use with the Foscam app: Our IP cameras can also be used without our SmartHome central unit. The IP cameras are then set up and controlled via an app from Shenzhen Foscam Intelligent Technology Co, Ltd. The data controller within the meaning of Art. 4 No. 7 GDPR is then the company Shenzhen Foscam Intelligent Technology Co, Ltd., Street One, Vanke Cloud City, Xili Community, Xili Street, Nanshan District, Shenzhen, China, email: support@foscam.com.

Name and contact details of the representative pursuant to Art. 27 GDPR: LM2 Group, 9 rue André Darbon, 33300 Bordeaux, France, email: gdpr@foscam.com

Further information on data processing can be found in the data protection notice available at www.foscam.com/company/Privacy-German.html.

VI. TECHNIVOLT

Our TECHNIVOLT app is used to configure (e.g. teach RFID cards) and display parameters for wallboxes (TECHNIVOLT 1100 / 1100 SMART / 2200 SMART) and their charging processes in your home network.

This allows you to control TECHNIVOLT wallboxes with our app and display information such as charging time and charged electricity.

When you use the mobile app, we process the personal data described below to enable convenient use and fulfil the purpose of the app, as well as data that is technically necessary for us to offer you the functions of our mobile app and to ensure stability and security, so that we have to process it.

When you interact with a TECHNIVOLT charging station via our TECHNIVOLT app, the following data is transmitted between the app and the charging station in your home network for the purpose of using the TECHNIVOLT app:

  • Local IP address of your mobile device
  • Local IP address of your TECHNIVOLT charging station
  • User password for the TECHNIVOLT charging station
  • ID of the RFID card and associated charging data with date, time and energy consumption.

The home network, or LAN for short, is a network with a group of devices in a limited area, such as your home environment. These devices can communicate with each other and exchange data within this network.

All data collected is transmitted exclusively between the wallbox and the app, but is not stored on the internet or on servers.

At no time is data transmitted to our servers, nor do we have any access to data within your home network. It is not necessary for you to enter personal data in order to use the app, for example by means of a login or registration.

The legal basis is Art. 6 (1) (b) GDPR (‘performance of a contract’), alternatively Art. 6 (1) (f) GDPR (‘legitimate interest’).

In order to be able to read user cards when using the app, our app requires access to the mobile device's RFID scanner. If you do not allow such access, we will not use your RFID scanner. In this case, however, you will not be able to use all the functions of our mobile app.

We only access your data to the extent that it is necessary for the functionality of the app and to fulfil its purpose. We treat your data confidentially and delete it if you object to its use or if your data is no longer required for the provision of services and there are no legal retention obligations.

All data collected is transmitted exclusively between the wallbox and the app, but is not stored on the internet or on servers.

The legal basis is Art. 6 (1) (b) GDPR (‘performance of a contract’).

E. Advertising

We intend to process the data you have provided or that we have collected for advertising purposes in the context of an existing customer relationship or other contractual relationships involving payment. The legal basis for data protection in this case is Art. 6(1)(f) GDPR, ‘legitimate interest’. According to the recitals to the GDPR, such a legitimate interest exists in particular with regard to so-called direct marketing, see Recital 47 (7). The term ‘direct marketing’ refers to the direct approach of a consumer by a provider with the aim of promoting the sale of products or services for remuneration. Customer satisfaction surveys or participation in surveys may also fall under the legal term of advertising. The other legal requirements, in particular those of Section 7 UWG, are of course observed.

Without an existing customer relationship or other contractual relationship for remuneration, we will only process your personal data for advertising purposes if you have given us your voluntary consent, Art. 6 (1) sentence 1 lit. a GDPR.

With your consent, you can subscribe to our newsletter.

If you register and subscribe to our newsletter, we will inform you about our current offers and events. We use the double opt-in procedure for registration for our newsletter via our website. This means that after you register, we will send an email to the email address you provided, asking you to confirm that you wish to receive the newsletter. In addition, we store your IP addresses and the times of registration and confirmation. The purpose of this procedure is to verify your registration and, if necessary, to investigate any possible misuse of your personal data. The only mandatory information required for sending the newsletter is your email address. The provision of further, separately marked data is voluntary and is used to address you personally. After your confirmation, we will store your personal data for the above-mentioned purpose. The legal basis is Art. 6 (1) (a) GDPR. This consent is voluntary. You can refuse to give your consent without giving reasons and without having to fear any disadvantages. You can also revoke this consent at any time with future effect by clicking on the link provided in each newsletter email or by sending a message to the contact details provided in this privacy policy, without any disadvantages for you.

Advertising is carried out by post, electronically, including email, in particular through our newsletter, social media, or by telephone, insofar as this is legally permissible.

The advertising measures relate in particular to all products and services, customer satisfaction surveys and questionnaires, as well as invitations to trade fairs and events.

You can object to the processing of your personal data for advertising purposes at any time. The relevant contact details are listed in the data protection notice. In this case, your personal data will no longer be processed for advertising purposes and will be deleted from the relevant advertising distribution lists.

If we use processors in this context, we have concluded a data processing agreement with them in accordance with the provisions of Art. 28 GDPR, so that the processor is subject in particular to our instructions as the client.

F. Duration of data processing

The maximum duration of storage depends on the purpose of the data processing. The duration of storage is generally based on the period of time required for processing to fulfil the purpose.

Data protection deletion periods do not apply if and to the extent that statutory retention obligations, such as those under social security, commercial or tax law, for example under Section 257 of the German Commercial Code (HGB) or Section 147 of the German Fiscal Code (AO), require longer deletion periods.

G. Recipients of personal data

We transfer data within our specialist departments to the extent necessary to achieve our purposes.

We may transfer data within the group. The primary legal basis for data transfer within the Techniropa Holding group of companies and its affiliated companies within the meaning of Section 15 et seq. of the German Stock Corporation Act (AktG) is Article 6(1)(f) of the GDPR. According to this, data processing is lawful if processing is necessary to safeguard legitimate interests, unless the interests or fundamental rights of the data subject prevail. In the recitals to the GDPR, which are to be regarded as interpretative aids to the GDPR, recital 48 specifies the legitimate interest for a transfer within a group of companies. According to this, such processing within the group for internal administrative purposes with regard to the processing of customer data is to be qualified as a legitimate interest within the meaning of Art. 6 para. 1 sentence 1 lit. f GDPR. Internal administrative purposes relating to customer data in this sense may include central customer management, internal group reporting or, in the case of access to data within matrix structures in a group of companies.

Between Techniropa Holding GmbH, Julius-Saxler-Straße 3, 54550 Daun, Tel.: 06592-712 2015, email: info@techniropa.de, and individual companies of the Techniropa Group, but also among themselves, have concluded agreements on joint responsibility within the meaning of Art. 26 GDPR. The respective contracting parties jointly determine the purposes and essential means of processing personal data, e.g. in the context of the operation and use of group-wide systems in the areas of HR, marketing and IT, with Techniropa Holding GmbH acting as the central service provider for the group of companies. We comply with our legal obligation to provide the essential points of the joint controller agreement pursuant to Art. 26 (2) sentence 2 GDPR with this data protection notice. You can assert your rights as a data subject against any of the companies in the Techniropa Holding GmbH group of companies. We will be happy to provide you with further information regarding the individual joint responsibility agreements free of charge, if required and to the extent permitted by law.

We use Microsoft Office 365 software from Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland, with Microsoft's headquarters located in the USA. Data processing in connection with the use of Office 365 takes place on servers in data centres in the EU. We have concluded a data processing agreement with Microsoft in accordance with Art. 28 GDPR. This agreement also includes extensive technical and organisational measures, such as data encryption. Data is transferred to companies in the USA on the basis of an adequacy decision by the European Commission within the meaning of Art. 45 (3) GDPR, which stipulates that an adequate level of protection exists in the USA. The legal basis for this is Art. 6 (1) (f) GDPR.

Furthermore, transfers to external third parties may be made to the extent that the foregoing is necessary and legally permissible to achieve the purpose, for example to: auditing companies, tax consulting companies, law firms, financing companies, banks, factoring companies, other assignees, advertising agencies, letter shops, printing companies, postal service providers, freight forwarders, authorities, including tax offices, customs, insurance companies, credit rating agencies, IT service providers, debt collection companies, data disposal companies, creditor protection associations and other credit information services. The legal basis for data transfer is Art. 6 (1) (f) GDPR.

External processors used are contractually bound to the provisions of Art. 28 GDPR. Processors will only process your data in accordance with the legal requirements, according to our instructions and only within the scope of fulfilling the order.

H. Location of data processing measures

All processing of personal data takes place in Germany or in Member States of the European Union. We do not transfer personal data to countries outside the Member States of the European Union, so-called third countries, or to other international organisations, unless otherwise stated in the data protection notice.

If we transfer personal data to companies in third countries, the above only applies if the third country has been confirmed by the EU Commission as having an adequate level of data protection in accordance with Art. 45 (3) GDPR, which is the case for both the USA and the United Kingdom, or if other appropriate data protection guarantees, e.g. binding internal company data protection regulations or an agreement on the standard contractual clauses of the EU Commission or the consent of the data subject, Art. 44 ff. GDPR.

I. Security / technical and organisational measures

We take all necessary technical and organisational measures in accordance with the provisions of Articles 24, 25 and 32 of the GDPR to protect personal data from loss, destruction, access, alteration or dissemination by unauthorised persons and misuse. We therefore comply with the legal requirements for the pseudonymisation and encryption of personal data, for the confidentiality, integrity, availability and resilience of the systems and services involved in processing, for the availability of personal data and the ability to restore it quickly in the event of a physical or technical incident, and for the establishment of procedures for regular review, assessment and evaluation of the effectiveness of technical and organisational measures to ensure the security of processing. Furthermore, we also comply with the requirements of Art. 25 GDPR with regard to the principles of ‘privacy by design’, data protection through technology design, and ‘privacy by default’, data protection through privacy-friendly default settings.

J. Your rights under Art. 15 et seq. GDPR / Contact details of the data protection officer

You have the right to obtain information about your personal data free of charge and, if the legal requirements are met, the right to have your data corrected, blocked and deleted, to restrict processing, to data portability and to object.

You have the right to

  • request confirmation from us as to whether personal data concerning you is being processed; if this is the case, you have the right to information about this personal data and to the information specified in detail in Art. 15 GDPR,
  • request that we immediately correct any inaccurate personal data concerning you and, if necessary, complete any incomplete personal data, see Art. 16 GDPR,
  • to request that we delete personal data concerning you without delay if one of the reasons listed in detail in Art. 17 GDPR applies, e.g. if data is no longer required for the purposes pursued, known as the right to erasure,
  • to request that we restrict processing if one of the conditions listed in Art. 18 GDPR applies, e.g. if you have objected to processing, for the duration of our review,
  • to request that we transfer the data if one of the conditions listed in Art. 20 GDPR applies,
  • to object at any time to the processing of personal data concerning you for reasons arising from your particular situation or in the context of direct marketing. We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims, see Art. 21 GDPR. Insofar as we base the processing of your personal data on the legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, you can therefore object to the processing. This is the case if the processing is not necessary in particular for the performance of a contract with you. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either stop or adjust the data processing or point out to you our compelling legitimate reasons for continuing the processing.

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data infringes the GDPR, see Article 77 GDPR. You may exercise this right before a supervisory authority in the Member State of your residence, your place of work, or the place of the alleged infringement. In Rhineland-Palatinate, the competent supervisory authority is: Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz, Hintere Bleiche 34, 55116 Mainz.

If you have any questions regarding the processing of your personal data, regarding the aforementioned rights and their exercise, or if you wish to provide suggestions, please contact the above-mentioned details or our external Data Protection Officer:

Telephone: 0049 (0) 6592 712 1351

E-mail: datenschutzbeauftragter@technisat.de

Version: 4, valid from 31.07.2025.

Our most recent version of this privacy notice shall apply at all times.

Customers / interested parties / business partners / suppliers are obliged to consult this privacy notice at regular intervals and to make it accessible to their employees if they themselves are not natural persons and if their employees’ personal data are processed by us.