Data Protection

Privacy

Privacy Policy of myOpenFactory Software GmbH

Version: 21.02.2022

The purpose of this privacy policy is to inform you in detail about the processing of your personal data in accordance with the legal requirements of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

These laws impose meaningful obligations on all companies in the European Union or European Economic Area to ensure the protection of your personal data during processing. In accordance with the requirements of Articles 13 and 14 GDPR, we outline below what type of data we process and for what purposes, and what rights you can exercise in this regard at any time.

Our employees and our data protection officer will be happy to answer any questions you may have.

Table of contents

  1. Name and address of the controller
  2. Name and address of the data protection officer
  3. General information about data processing
  4. Technical provision of our website
  5. Use of cookies
  6. Contact form and e-mail address
  7. Request participant list through the website
  8. Your rights as a data subject
  9. Statutory or contractual requirements for the provision of personal data
  10. Third-party websites
  11. Social media plugins
  12. Automated decision-making and profiling

Name and address of the controller

myOpenFactory Software GmbH
Campus Boulevard 55
D-52074 Aachen

Email:datenschutz@myopenfactory.com
Manager:Dr Carsten Schmidt

Name and address of the data protection officer

At myOpenFactory Software GmbH, the data protection officer is appointed as follows:

First name, last name:Hans-Jürgen Fellgiebel
Company:imatec GmbH
Bickerather Strasse 3
D-52152 Simmerath
Email:datenschutz@myopenfactory.com

General information about data processing

Personal data and its sources

We process personal data that we receive directly from our customers, prospective customers, partners or other data subjects in the course of our business relationship or in the course of initiating a business relationship. In addition, we process personal data, insofar as this is necessary for our business relationship, which we obtain legitimately from publicly accessible sources (e.g. commercial register, press, internet).

In principle, we only process data that is relevant to the underlying processing purpose. Relevant personal data are your professional contact details such as surname, first name, title/gender, telephone, fax, email, function in the company, company name and address.

We process the aforementioned personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

  • Data processing for the performance of a contract (Article 6 (1) (b) GDPR):

    We process personal data mainly to provide contractually agreed services to our customers and to implement pre-contractual measures to initiate a contract with prospective customers.

  • Data processing for compliance with a legal obligation (Article 6 (1) (c) GDPR) or in the public interest (Article 6 (1) (e) GDPR):

    As a company, we are subject to various legal obligations, arising, for example, from tax laws or the German Anti-Money Laundering Act. Personal data can, therefore, also be processed, for example, for the purpose of preventing fraud and money laundering and meeting our tax control and reporting obligations.

  • Data processing based on a balance of interests (Article 6 (1) (f) GDPR):

    If necessary, we process personal data on the actual performance of the contract, to protect our legitimate interests or those of third parties. This includes, for example, processing for the purpose of exercising legal claims or defending against legal disputes as well as ensuring IT security and the IT operations of our company. This is also processing for the purpose of providing (advertising) information regarding new products and services, unless you have objected to the use of your data for this purpose.

  • Data processing based on your consent in accordance with Article 6 (1) (a) GDPR:

    The processing is also lawful if you have given us your consent to the processing of personal data for a specific purpose (e.g. status information on platform operation, invitations to events, sending newsletters, etc.). You have the right to withdraw your consent at any time, including consent given to us before GDPR entered into force. You can withdraw your consent with effect for the future, i.e. this will not affect the lawfulness of processing based on consent before its withdrawal.

Categories of recipients of personal data

The recipients of personal data are primarily our employees, our service providers or processors and, if applicable, the business partners of our customers who are addressed in an EDI document. The transfer of personal data to these recipient categories takes place exclusively to comply with our contractual obligations to our customers and is generally limited to the scope required for the purpose of processing.

If necessary, personal data will also be passed on to your business partners in the sense of networking and mutual contact between your company and the business partner, provided that we have your consent to do so.

In addition, we transmit data to third parties if there is a legal obligation to do so. This is the case, for example, when state institutions (authorities, courts, etc.) request information in writing, there is a court order or a legal basis explicitly permits this disclosure.

Transfer of personal data to recipients in third countries

Third countries within the meaning of data protection law are all countries outside the European Union (EU) or the European Economic Area (EEA). Exceptions are countries whose data protection level has already been formally recognized as adequate by the EU Commission.

In principle, data is only transferred to third countries if this is required to comply with our contractual obligations, required by law or if you have given us your consent in this regard. In addition, we do not transfer your personal data to countries outside the EU or EEA or to international organisations.

Data erasure and lenght of storage

We process and store your personal data for as long as it is necessary to fulfil our contractual obligations, applicable legal provisions or to maintain our business relationship with you or your company. If the data is no longer required for the performance of our contractual or legal obligations, we will erase the data on a regular basis, unless their further processing is required for a limited period time for the following purposes:

  • to comply with retention requirements under commercial and tax laws, in particular, the German Commercial Code (HGB), Fiscal Code (AO), and the Anti-Money Laundering Act (GwG). The retention or documentation periods specified there typically range from two to ten years.

  • Preservation of evidence under the provisions governing statutory limitations. While under Article 195 et seq. of the German Civil Code (BGB) these limitation periods can be up to 30 years, the normal limitation period is three years.

If you want your data to be erased, we will erase it promptly, provided this does not conflict with our statutory retention obligations.

Technical provision of our website

Description and scope of data processing

To ensure the proper functioning of our website, we process certain automatically transmitted information from you to allow your browser to display our website and you to use the website. This information is automatically collected and stored in log files every time our website is accessed. This information relates to the computer system of the requesting computer. The following information is collected: host or IP address of the requesting computer, date and time of access, query (request) and other methods of access (get/post), protocol (e.g. http), status (e.g. error messages), amount of data retrieved, referrer, browser and operating system of the requesting computer.

In the following we outline the relevant legal bases for processing your personal data to ensure the proper functioning of our website:

  • performance of a contract or the implementation of pre-contractual measures in accordance with Article 6 (1) (b) GDPR), if you visit our website to find out about our products, services or our events; and
  • to safeguard our legitimate interests in accordance with Article 6 (1) (f) GDPR, to make the website technically available to you. Our legitimate interest is to provide you with an attractive, technically functioning and user-friendly website and to take measures to protect our website from cyber risks and to prevent our website from posing cyber risks for third parties.
Purpose of data processing

The temporary storage of the IP address by the system is necessary to display the website on the requesting computer. To do this, it is necessary to store the requesting computer’s IP address for the duration of the session. The storage in log files is necessary to ensure the functionality of the website. The above data is used to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

Duration of storage

The data will be erased as soon as it is no longer required for the purpose for which it was originally collected. Where the data is collected for the purpose of providing the website, the data will be deleted at the end of the respective session. Where the data is stored in log files, it will be deleted after 90 days at the latest.

Possibility of objection and removal

The collection of data to ensure technical functionality of the website and the storage of data in log files is essential for the operation of the website. Users, therefore, do not have the right to object in this case.

Use of cookies

Description and scope of data processing

Our website uses technically necessary cookies. Cookies are text files that are stored on your computer system in the internet browser or by the internet browser when you visit a website. Cookies contain a characteristic string that allows the browser to be uniquely identified when the website is reopened. We only use these cookies to make our website and its technical functions available to you.

We use technically necessary cookies to ensure the technical functionality of our website to protect our legitimate interests in accordance with Article 6 (1) (f) GDPR in order to make the website technically available to you. Our legitimate interest is to provide you with an attractive, technically functioning and user-friendly website and to take measures to protect our website from cyber risks and to prevent our website from posing cyber risks for third parties.

Purpose of data processing

The purpose of using technically necessary cookies is to facilitate the use of the website. We would not be able to offer some functions and features of our website without the use of cookies. Cookies also help to recognise your browser again after you visited a different website. The user data collected through technically necessary cookies will not be used to create user profiles.

Duration of storage, possibility of objection and removal

Cookies are stored on the user’s computer and transmitted to our site. This gives you as the user full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If you choose to disable cookies for our website, you may not be able to use all the functions and features of this website.

Contact form and e-mail address

Description and scope of data processing

On our website, we offer a contact form, which can be used to contact us online. If users take advantage of this option, the data they enter into the form will be transmitted to us and stored. These data include: email address, last name, company, telephone. You can also contact us by email using the email program you are using. In this case, we will store and process the data sent to us in the email.

To process and answer your inquiries using the contact form or sent to our email address, we process the personal data you have provided in this context. In any case, this includes your name and your email address in order to send you an answer, as well as the other information that you send us as part of your message.

We process your personal data to answer your inquiries on the following legal bases:

  • by clicking on “Send” on the contact form, you give us your explicit consent to the processing of the personal data you have provided in accordance with Article 6 (1) (a) GDPR,
  • if your contact is related to a contract to which you are a party or to carry out pre-contractual measures, in accordance with Article 6 (1) (b) GDPR,
  • to safeguard our legitimate interests in accordance with Article 6 (1) (f) GDPR; our legitimate interest is to respond appropriately to contact requests.
Purpose of data processing

The processing of personal data from the entry form allows us to process your contact and to carry out pre-contractual measures in the sense of contract initiation. In the event of contact by email, this also constitutes the necessary legitimate interest in processing the data. The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our systems.

Duration of storage

The data will be erased as soon as it is no longer required for the purpose for which it was originally collected. With respect to the personal data from the enquiry bar of the user list, this is the case when the matter underlying your enquiry or the resulting pre-contractual measure has been finally concluded.

Possibility of objection and removal

Users are entitled to withdraw their consent to the processing of personal data at any time. If the communication takes place via email, they can object to the storage of their personal data at any time. In this case, the parties will no longer be able to engage in further communications.

Request participant list through the website

Description and scope of data processing

You can request our current user list on our website. This list contains an excerpt of the company names that can be reached via EDI through our EDI platform. When a user takes advantage of this opportunity, they enter their email address in the field provided in the request bar and click on “I want it!”. At that moment, the email address of the user is sent to us and saved together with the request.

To process and answer your request for a user list, we process the personal data you have provided in this context. In this case, this is your email address and your name, if recognisable from the email address. We process your personal data to answer user inquiries on the following legal bases:

  • by clicking on “I want it!” in the request bar, you give us your explicit consent to the processing of the personal data you have provided in accordance with Article 6 (1) (a) GDPR,
  • if your request is related to a contract to which you are a party or to carry out pre-contractual measures, in accordance with Article 6 (1) (b) GDPR,
  • to safeguard our legitimate interests in accordance with Article 6 (1) (a) GDPR; our legitimate interest lies in the appropriate answering of your request
Purpose of data processing

The processing of the personal data from the inquiry bar, i.e. your email address and, if applicable, your name (if recognisable from the email address) serves us to process your inquiry and to carry out pre-contractual measures in terms of contract initiation.

Duration of storage

The data will be erased as soon as it is no longer required for the purpose for which it was originally collected. With respect to the personal data from the enquiry bar of the user list, this is the case when the matter underlying your enquiry or the resulting pre-contractual measure has been finally concluded.

Possibility of objection and removal

Users are entitled to withdraw their consent to the processing of personal data at any time. If the communication takes place via email, they can object to the storage of their personal data at any time. In this case, the parties will no longer be able to engage in further communications.

Your rights as a data subject

Under the legal requirements, you are entitled to the following rights as the data subject, which you can assert against myOpenFactory Software GmbH. If possible, your requests to exercise your rights should be addressed in writing to the above address or directly to our data protection officer.

  • Your right of access under Article 15 GDPR:

You are entitled at any time to request information from us as to whether we are processing personal data relating to you. If this is the case, you can also request information about this personal data and the underlying processing purposes, categories of personal data, planned storage period, the origin of the data and the use of automated decision-making. You also have the right to find out to which recipients or categories of recipients your data has been or will be disclosed. In the case of recipients in third countries, in particular, you also have the right to be informed of suitable guarantees in connection with the transmission of your personal data. In all of the above cases, you have the right to request a free copy of your personal data processed by myOpenFactory Software GmbH.

  • Your right to rectification under Article 16 GDPR

    You are entitled at any time to request us to rectify or complete the personal data stored about you if it is inaccurate or incomplete.

  • Your right to erasure (“right to be forgotten”) under Article 17 GDPR

    You are entitled at any time to request that we erase the personal data relating to you and stored by us. However, you do not have the right to erasure if the processing of the personal data is necessary

    • to exercise the right of freedom of expression and information,

    • to comply with a legal obligation to which we are subject (e.g. statutory retention requirements) or

    • for the establishment, exercise or defence of legal claims

  • Your right to restriction of processing under Article 18 GDPR

    You are entitled at any time to demand that we restrict the processing of your personal data if, for example, data or parts of your data are incorrect or their processing is no longer necessary for one of the above purposes, but you do not wish the said data to be deleted. You can also request that the processing of your personal data be restricted if you object to processing in accordance with Article 21 (1) GDPR (see: your right of objection), but it has not yet been finally clarified at this point in time whether your legitimate interests outweigh our legitimate interests.

  • Your right to data portability under Article 20 GDPR

    You are entitled at any time to request that we transfer your personal data in a structured, commonly used and machine-readable format. Your personal data can also be transferred to another controller, provided that you have given your consent and the processing is carried out using an automated process.

  • Your right to withdraw under Article 7 (3) GDPR

    You are entitled at any time to withdraw the consent(s) you have given us for the processing of your personal data without stating any reasons with effect for the future. This also applies to the withdrawal of consent given to us before the European General Data Protection Regulation became effective.

  • Your right to object under Article 21 GDPR

    You have the right to object to the processing of your personal data at any time. We will then have to stop processing your personal data. However, ending the processing as a result of your objection may conflict with our legitimate interests or overriding legal provisions, and in this case, we will be entitled to process your personal data despite your objection.

    Your objection can be submitted informally to the controller named under point 1, stating your name and company details, by email with the subject “Objection” to: datenschutz@myopenfactory.com.

  • Your right to lodge a complaint with a supervisory authority under Article 77 GDPR

    You are entitled at any time to lodge a complaint with a competent supervisory authority if you believe that the processing of your personal data violates the provisions of the GDPR. You have the right to lodge a complaint without prejudice to any other administrative or judicial remedy.

    The supervisory authority responsible for us is:

    Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (Land Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia) Kavalleriestraße 2-4, 40213 Düsseldorf.

    Telefon:+49 211 38424-0
    Telefax:+49 211 38424-10
    E-Mail:poststelle@ldi.nrw.de
    Internet:http://www.ldi.nrw.de

    We recommend that you first address your complaint to our data protection officer.

Statutory or contractual requirements for the provision of personal data

In principle, you are not obliged to provide us with your personal data. As part of our business relationship, you are required to provide the personal data we need for the establishment and implementation of a business relationship and the fulfilment of the associated contractual obligations or which we are required to collect by law. Without this data, we will generally not be able to comply with your requests for information, enter into, implement and/or terminate a contract with you.

Third-party websites

Our privacy policy does not apply to third-party websites that you access through hyperlinks on our website. We ask you to pay special attention to the privacy policies used on the websites of third-party providers.

Social Media Plugins

We currently do not use any social media plugins.

Automated decision-making and profiling

The use of automated decision-making procedures (under with Art. 22 GDPR) or other profiling measures (in accordance with Art. 4 GDPR) are generally not provided for in the data processing of myOpenFactory Software GmbH.