With the following information, we would like to give you an overview of the personal data we process and inform you of your rights under data protection laws.

1. controller for data processing and contact details of the data protection officer

alfatraining Bildungszentrum GmbH

Kriegsstr. 100; 76133 Karlsruhe; Telephone: +49 721 35450-300;
E-Mail:info(at)alfatraining.de

Data Protection Officer: Email to datenschutzanfragen@xdsb.de or at our postal address with the addition "the Data Protection Officer".

2. from which sources does the personal data originate?

We process personal data that we have obtained from business relationships (e.g. with customers or suppliers) or from inquiries to our company. As a rule, we receive this data directly from the contractual partner or an inquiring person. However, personal data may also come from public sources (e.g. commercial registers), provided that the processing of this data is permitted. Data may also have been legitimately transmitted to us by other companies. Depending on the individual case, we may also store our own information relating to this data (e.g. as part of an ongoing business relationship). Depending on the individual case, this may include master data (e.g. name, address), contact data (e.g. telephone number, e-mail address), contract and billing data to fulfill our contractual obligations or data necessary to process an inquiry, possibly also creditworthiness data, advertising and sales data and other data from comparable categories.

3. for what purposes and on what legal basis is the personal data processed?

We process personal data in compliance with data protection laws, in particular the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

a.) In the context of the performance of a contract or in order to take steps prior to entering into a contract (Art. 6 para. 1 sentence 1 lit. b GDPR)

We process personal data primarily for the fulfillment of contractual obligations and the provision of the associated services or in the context of a corresponding contract initiation (e.g. contract negotiations, preparation of offers). The specific purposes depend on the respective service or product to which the business relationship or contract initiation relates.

b.) In the context of the fulfillment of a legal obligation (Art. 6 para. 1 sentence 1 lit. c GDPR)

 

In many situations, we are required by law to collect certain personal data from you and to forward or make it available to certain - usually public - bodies. For example, we provide the tax authorities with the personal data required for this purpose in accordance with the relevant legal requirements for the purpose of tax calculation.

c.) As part of the balancing of interests (Art. 6 para. 1 sentence 1 lit. f GDPR)

 

We also collect and process personal data to safeguard legitimate interests in the following situations

• Processing general inquiries about our products and services
• Assertion of legal claims and defense in legal disputes
• Ensuring IT operations and IT security
• Measures for building and system security (e.g. access authorizations)
• Measures to improve our internal business processes and product optimization

 

d.) Within the scope of consent (Art. 6 para. 1 sentence 1 lit. a GDPR)

 

In some situations, the processing of your personal data is not mandatory and is only permitted with your consent. In these cases, we draw your attention to this fact, in particular to the voluntary nature of giving consent and the possibility of revoking it at any time with effect for the future.
This is the case, for example, with

• some data processing via our website (see privacy policy on our website)
• in some advertising situations (existence of advertising consent, if required by law)

 

4. recipients of the personal data

In general, the company only grants access to your data to entities that need to work with your data ("need-to-know principle"), i.e. require access to this data to fulfill a contractual or legal obligation. These may also be service providers and vicarious agents acting on behalf of the company and/or who have been obliged to process the data confidentially.

In certain situations, we transmit your data to

• public authorities (e.g. tax authorities) if there is a legal obligation to do so
• other companies as part of the implementation of the contractual relationship, as part of a balancing of interests or on the basis of your consent. In individual cases, depending on the business relationship or order, these may be companies involved in the provision of our services, logistics partners, marketing service providers, credit agencies, banks, tax consultants or lawyers, for example.

 

5. is data transferred to a third country or to an international organization?

 

We transfer personal data to other entities in countries outside the European Union (third country) if this is necessary to carry out the business relationship, if it is required by law or if you have given us your consent to do so.

 

In certain situations, we use or reserve the right to use service providers who may either be based in a third country or who in turn may have service providers based in a third country. Data transfer to a third country is permitted under Art. 45 GDPR if the European Commission has decided that an adequate level of protection exists in a third country. In the absence of such a decision, data may be transferred to a third country if the controller has provided appropriate safeguards (e.g. standard data protection clauses issued by the European Commission) and the data subject has enforceable rights and effective legal remedies (Art. 46 GDPR). As a matter of principle, we only work with entities in a third country that meet the criteria listed.

6 Storage duration of the data

We process and store your personal data for as long as is necessary to fulfill our contractual and legal obligations. If the storage of personal data is no longer necessary for the fulfillment of these obligations, it will be deleted, unless there are statutory retention obligations, such as commercial and tax retention obligations under the German Fiscal Code and the German Commercial Code (6 or 10 years) and for the preservation of evidence within the framework of statutory limitation provisions.

 

7. rights of data subjects

You have the following rights vis-à-vis us with regard to your personal data:

• Right of access
• Right to rectification or erasure
• Right to restriction of processing
• Right to object to the processing
• Right to data portability.

You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.

However, you also have the option of contacting our company data protection officer (also confidentially).

If you have given us your consent (Art. 6 para. 1 sentence 1 lit. a GDPR), you can revoke this at any time with effect for the future.

Insofar as we base the processing of your personal data on the balancing of interests (Art. 6 para. 1 sentence 1 lit. f GDPR), you can object to the processing. When exercising
such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and will either discontinue or adapt the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing.
You can object to the processing of your personal data for advertising purposes at any time.

 

8. obligation to provide data

As part of the execution or initiation of a contract, you must provide the personal data necessary for the fulfillment of the contract or the implementation of pre-contractual measures and the associated obligations. You must also provide the personal data that we are legally obliged to collect. Without the provision of this data, we will not be able to conclude or fulfill a contract with you.

In cases of data collection based on consent, the provision of data by you is voluntary and not mandatory. However, if consent is not given, we will not be able to provide the services based on data processing by means of consent. You can revoke your consent at any time with effect for the future, even after you have given it.

9. does automated decision-making or profiling take place?

 

No.